Home / Analyst’s router caution

Analyst’s router caution

Gartner is advising network professionals to pay closer attention to their network infrastructure in the wake of the Cisco – Michael Lynn vulnerability disclosure controversy.

Gartner is advising network professionals to pay closer attention to their network infrastructure in the wake of the Cisco – Michael Lynn vulnerability disclosure controversy.

Cisco sued Lynn, an internet security researcher, for publishing details of a Cisco router security flaw against its wishes. Researcher Michael Lynn was an employee of security firm ISS when he uncovered the flaw.

ISS and Cisco refused Lynn permission to disclose the flaw but Lynn resigned from his post at ISS and gave a presentation showing how to exploit it at the Black Hat Briefings conference on July 27 in Las Vegas.

“The most significant revelation in all this is that organisations have to pay closer attention to their network infrastructure from a patching and security risk perspective,” says Paul Proctor, research vice president of Security and Risk at Gartner.

“The edge routers that are most at risk are also the most difficult to patch and protect so organisations are faced with a challenge to address these issues,” he adds.

Gartner’s tips:

Pay close attention to IOS vulnerabilities, treat them seriously, and follow the guidelines within advisories to upgrade to a newer version of software as the earliest opportunity.

Patch internet-facing routers first as they are at much greater risk than internal routers.

In the event of a buffer/heap/stack overflow vulnerability, take immediate action to shield your network using a layered defence, including network-based intrusion prevention technologies, to block exploits while executing normal test-and-patch deployment processes.

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.